
Review Vault policies from vault_secrets_by_role
Open, High, Public

Description

The vault_secrets_by_role pillar contains the keys to give access to by role.

It now seems dangerous to run any salt-call --local state.sls roles/vault/policies command,
as it wants to remove keys for docker-002 and WindRiver among others.

As rOPS currently has a lot of changes not merged, the keys are probably from those.

For now, we review every key to remove and try to identify what change introduced them.
We can also check the list at https://devcentral.nasqueron.org/source/operations/browse/main/pillar/credentials/ but that only accounts for ops/secrets/nasqueron/devcentral/mail_local (if I remember correctly, after a specific number of days, a change isn't linked there anymore).

In the future, I'd suggest we prepare separate commits to add new credentials, separate from the rest.

Event Timeline

dereckson renamed this task from Review Vault policies to Review Vault policies from vault_secrets_by_role. Sun, Sep 14, 00:57
dereckson triaged this task as High priority.
dereckson created this task.